MastoWoT?

- -

Instructions

This tool is intended for Mastodon instance administrators

You can still play around with it even if you aren't a server admin, but - don't complain to me that you can't figure out how to work it :)

This tool is designed to suggest a blocklist that you may - want to configure on your Mastodon instance. The goal is to create a - system simpler than scrolling #FediBlock, more proactive than relying - entirely on user reports, and more federated than distributing blocklists - from a central authority.

To start, enter your instance's domain (no 'https://', no page, just the domain) - into the box above the synchronize button - on the right side menu, and click "Synchronize". This will make two calls - to your server's API to fetch the known peers and the block list. This - WILL require that your instance is configured to share this information. - This can be configured in your instance settings, under Site Settings, - enable 'publish list of discovered servers' and 'enable profile directory'. - Also set "show domain blocks" and "show rationale" as "to everyone".

Once you synchronie, any domains you have already blocked will appear - under Untrusted Hosts. All other known peers will appear under Known Hosts. - Now, you need to find some hosts you trust in the Known Hosts list and move - their slider to the right. The slider moves between -100 and 100, and once - you select a value it will update in the text box (you can also enter a - value into the box directly). This should - represent how much you "trust" this server, with -100 meaning you think this - server is "evil" and 100 meaning it is to be trusted entirely (at least for - the purposes of generating a blocklist). As you set values, these hosts will - move to Trusted Hosts or Untrusted Hosts accordingly. I do NOT recommend - trying to set a value for every single instance in the list. Search the page - for instances that you are already familiar with instead.

Once you have added a few trusted instances, click "Process" from the right - side menu. This will fetch the block list from each instance on your trusted - list. A host that appears on any of these blocklists will receive a negative - trust value equal to the trust value of the hosts that have blocked it, - multiplied by the appropriate multiplier values (configured in the side - menu), averaged by dividing it by the total number of hosts in the list.

Finally, you can use the "Export for Mastodon" button from the side menu - to export a blocklist as a CSV file, which you can then import into your - instance using the script provided below. This export will be - generated based on the Thresholds values set on the right side menu. Any - hosts with a trust value equal to or below the suspend threshold will be - suspended; any remaining hosts with a trust value equal to or below the - limit thershold will be limited.

Also please be aware that some instances may choose to obfuscate certain - URLs from their block list. Please don't do that. This tool cannot - work with obfuscated URLs.

The remaining options are mentioned below:

Hide Impotents: Tries to fetch a blocklist from all hosts in the list. - If no blocklist can be downloaded, the host will be hidden (They will NOT - be removed from the list, only hidden from display.) There is no point - adding one of these hosts to your trusted list if they do not provide a - their block list.
Find Enemies of Enemies: Creates a new list of hosts that are blocked - by the hosts on your untrusted list. The hosts on this list will NOT be - considered trusted or untrusted until you click the 'add' button to move - them into the main list with the given trust value.
Find Friends of Friends: Creates a new list of hosts that are in the - directory of the hosts in your trusted list. Trust values will be based - on both the trust value of the trusted host and the number of accounts - in its directory that are hosted at the this instance.
FInd Associates of Enemies: Creates a new list of hosts that are in the - directory of the hosts in your untrusted list. Trust values will be based - on both the trust value of the untrusted host and the number of accounts - in its directory that are hosted at the this instance.
Load from cache: Load instances list from the browser cache
Save to cache: Save instances list to your browser cache
Export to you: Show the instances list as a JSON string
Import from you: Import a JSON string exported previously

- -

-# IMPORT SCRIPT
-# I realize Mastodon already has an import function, but as far as I can tell, that
-#   does not allow you to include the comments. This script will.
-
-# This script assumes the export file is available in the current directory 
-#   and named 'mastowot.csv'
-
-# This should be your mastodon API token with admin access
-# (Generate from your admin user's development menu. Requires admin;write permissions)
-ADMIN_ACCESS_TOKEN=""
-# And your instance hostname of course
-MASTODON_HOST="https://"
-
-ts="`date +%Y%m%d-%H:%M:%S`"
-awk -v RS='"\n' \
-    -v FS="," \
-    -v authtoken="$ADMIN_ACCESS_TOKEN" \
-    -v tgthost="$MASTODON_HOST" \
-    -v timestamp="$ts" \
-'{
-    system("curl -X POST -H \"Authorization: Bearer "authtoken"\" \
-              -F \"domain="$1"\" -F \"private_comment=Updated by MastoWoT "timestamp"\" \
-              -F \"public_comment="$2"\" \
-              "tgthost"/api/v1/admin/domain_blocks");
-}' mastowot.csv
-
-

-TODO:
-  Styling:
-    Color chooser, high contrast mode
-  Sort lists by name or trust level
-  Determine if blocked hosts have/had direct associations? and when?
-
-

Ultimately I do think this would make more sense as a shell script run - via cron job...but I think this is a better way to display the concept, - so that version is part two :)

MastoWoT: A Web-of-Trust inspired defederation station

Instructions

Trusted Hosts

Instance

Trust Value

Untrusted Hosts

Instance

Trust Value

Known Hosts

Instance

Trust Value

Multipliers

Thresholds